
Spam Problem

We run Exchange 2007 at our office. One server is dedicated to Edge Transport, and the other server is Mailbox, Hub Transport and Client Access. Some of the long-time people at our office who have been here for 10 years get LOTS of spam daily. The president of the company averages about 200 spam per day.

The Edge Transport server really should be taking care of this problem.
Here are some of the settings we use:
Content Filtering
Delete Messages -- Unchecked
Reject Messages -- Checked for SCL 7
Quarantine Messages -- Checked for SCL 6

Sender ID is enabled.

Sender Reputation Properties
Sender Confidence Level -- Checked
Action: 7

I updated to Exchange 2007 SP3 last night so Version: 08.03.0083.000 is running on both of our servers. Everyone is still getting the same amount of spam.

We are even using RBLs
...and signed up to use Barracuda's service http://www.barracudacentral.org/rbl

It doesn't seem to make much of a difference at all.

I'm starting to wonder if we have an infected computer somewhere on our LAN that is spamming people.

How do all our settings look?
What do the experts have to say about this?

Paul Tozer Commented:
Can you get the message header from a few of the emails and post them?
jamorlando (Author) Commented:
Here's a couple that went straight to inbox after our Exchange upgrade.  I have changed our actual company name to @ourcompany.com to protect the innocent :)

Received: from exchange02.iks.bz ( by exchange01.iks.bz
 ( with Microsoft SMTP Server (TLS) id; Fri, 27 Aug
 2010 10:43:59 -0400
Received: from xs160.bestcarssite.info ( by smtp.insertkey.com
 ( with Microsoft SMTP Server id; Fri, 27 Aug 2010
 10:43:53 -0400
Message-ID: <7362058816035093985.4656b797cc6b9d7cc42e9bc3820d4e78.1119882280@xs160.bestcarssite.info>
Subject: NEWS ALERT: Apple iPad auctions for up to 95% off retail!
From: SwipeBids <SwipeBids@bestcarssite.info>
MIME-Version: 1.0
To: <joe@ourcompany.com>
Date: Fri, 27 Aug 2010 10:40:12 -0400
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Return-Path: SwipeBids@bestcarssite.info
X-MS-Exchange-Organization-PRD: bestcarssite.info
Received-SPF: Pass (exchange02.iks.bz: domain of SwipeBids@bestcarssite.info
 designates as permitted sender) receiver=exchange02.iks.bz;
 client-ip=; helo=xs160.bestcarssite.info;
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus Pass;OrigIP:
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-SenderIdResult: PASS

Received: from exchange02.iks.bz ( by exchange01.iks.bz
( with Microsoft SMTP Server (TLS) id; Fri, 27 Aug
2010 00:22:48 -0400
Received: from otenet.gr ( by smtp.insertkey.com (
with Microsoft SMTP Server id; Fri, 27 Aug 2010 00:22:48 -0400
From: Sale on sexual boosters <subazino3279@otenet.gr>
To: <tjohnson@ourcompany.com>
Subject: Dear customer tjohnson, here's 70% Sale invitation.. who replacing
Date: Fri, 27 Aug 2010 07:23:03 +0300
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Message-ID: <adfb8897-6bfd-415b-8a0e-73976cdf08fd@exchange02.iks.bz>
Return-Path: subazino3279@otenet.gr
X-MS-Exchange-Organization-PRD: otenet.gr
Received-SPF: None (exchange02.iks.bz: subazino3279@otenet.gr does not
designate permitted sender hosts)
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus None;OrigIP:
X-MS-Exchange-Organization-SCL: 3
X-MS-Exchange-Organization-SenderIdResult: NONE
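
The two headers above, checked against the thresholds given in the question (reject at SCL 7, quarantine at SCL 6). This is an added example, not part of the original thread, and the function names are hypothetical; it shows that both messages score below either threshold, so the Edge server delivers them exactly as configured.

```python
from email import message_from_string

# Thresholds as stated in the question.
REJECT_SCL = 7       # "Reject Messages -- Checked for SCL 7"
QUARANTINE_SCL = 6   # "Quarantine Messages -- Checked for SCL 6"

# Stamps copied from the two headers posted above; unrelated fields trimmed.
SAMPLE_HEADERS = [
    "Subject: NEWS ALERT: Apple iPad auctions for up to 95% off retail!\n"
    "X-MS-Exchange-Organization-PCL: 2\n"
    "X-MS-Exchange-Organization-SCL: 0\n"
    "X-MS-Exchange-Organization-SenderIdResult: PASS\n\n",
    "Subject: Dear customer tjohnson, here's 70% Sale invitation.. who replacing\n"
    "X-MS-Exchange-Organization-PCL: 2\n"
    "X-MS-Exchange-Organization-SCL: 3\n"
    "X-MS-Exchange-Organization-SenderIdResult: NONE\n\n",
]

def parse_scl(value):
    """Return the SCL stamp as an int, or None if absent or malformed."""
    try:
        return int(value.strip())
    except (AttributeError, ValueError):
        return None

def action_for(scl):
    """Map an SCL value to what the thresholds above would do with it."""
    if scl is None:
        return "unscanned"      # no stamp: content filter never scored it
    if scl < 0:
        return "bypassed"       # SCL -1: message skipped content filtering
    if scl >= REJECT_SCL:
        return "reject"
    if scl >= QUARANTINE_SCL:
        return "quarantine"
    return "deliver"

def triage(raw_headers):
    """Parse one raw header block and report its stamps and resulting action."""
    msg = message_from_string(raw_headers)
    scl = parse_scl(msg.get("X-MS-Exchange-Organization-SCL"))
    return {
        "subject": msg.get("Subject"),
        "scl": scl,
        "sender_id": msg.get("X-MS-Exchange-Organization-SenderIdResult"),
        "action": action_for(scl),
    }

if __name__ == "__main__":
    for raw in SAMPLE_HEADERS:
        print(triage(raw))
```

The Sender ID PASS on the first message only means the sending host is authorised for bestcarssite.info; it is not a verdict on the content.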

See this document:

The edge server requires tuning to aggressively block spam.  I'm not even convinced that by itself it would be a great solution without some other software like Forefront, GFI MailEssentials, Symantec Brightmail etc.

jamorlando (Author) Commented:
Trust me ... I've read about ALL these settings, and it doesn't seem to make a difference.  When I set them too aggressively, people start not receiving important business emails.

I think it's unacceptable that third party software be the solution to this problem.

In any case, I'm still wondering if someone on our network has a virus that's spamming people?  I have no idea how I would even test this unless we shut off every desktop and server here except for the two exchange servers.
jamorlando (Author) Commented:
If you notice in the first message header I posted, the SCL is 0!  How can that be????  The email address is from SwipeBids@bestcarssite.info ... even a 2 year old would know that's spam.

Come on guys, I know there has to be something to fix this.
I agree with Fr0zT 100%, the edge blocking doesn't work well. I have found it just takes the worst of the worst out and that's it. I do not think you have an infected machine on your local site. Once your email is on a spam list, the spammers sell it to other spammers and it never ever stops.

I know you don't want a third party solution but Microsoft has a great virus/spam filter for under $1/yr/mailbox. It's called Forefront Online Protection for Exchange.
jamorlando (Author) Commented:
Philonator, I like that there is a free 30 day trial.  I'm going to set this up.  Has anyone used this product?  Success?
I have tried it on one client and we are going to recommend it for more. It is working sweet. You can schedule a sales demo with them. The most negative part is that you need to sign a 3 yr agreement (but don't let that bother you) and change MX records. After that it is smooth sailing.

You basically redirect your mail to Microsoft first, they filter it, and then it is sent to your Exchange server. There are other options you buy from them like archiving and encryption at the same low price. It's relatively new, but I can see this product taking some serious market share from Barracuda and others.

Last two thoughts: I hated the idea at first, but once it was in place I became a believer, and I swear I am not a sales rep for them!
jamorlando (Author) Commented:
It says $1.75 per user.  We have around 100 outlook users, however only about 10 of them get spam.  Can you only set it up for the 10 users, or would we have to pay for all 100?
When you point the mx records all mail will be filtered.  So technically you need to buy it for all users and service accounts.
BTW- buy it through a reseller like ingram or tech data and you will get the $1 a mailbox discounted price.
jamorlando (Author) Commented:
Awesome to know about Tech Data... we use them here all the time.
Another question:  Can we ditch our Edge Transport server if we get FOPE implemented?
I would like to say yes, but is that all the edge server is doing? When we implemented it we left everything in place first, and saw that it was doing what it advertised to do. We then started removing equipment and programs without issue.
jamorlando (Author) Commented:
Ok, I'll feel it out.  I'm going to get the trial, and if I have any more questions, I'll put it in the discussion or open a new thread.  Thank you!
Post back to this thread either way what you do.  I think it would be helpful to others.